gafgyt | 35b8c39f95282168b1691278decd43f3d28769ecea0a44361d037307e3cb8fd7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35b8c39f95282168b1691278decd43f3d28769ecea0a44361d037307e3cb8fd7.elf
Size

84KB
Sample

240213-dbgyasea22
MD5

8c778d062974f3173e6ab4a2218b79c0
SHA1

9231a82f8292e9a1d0cb3128c1ace0023ec77c36
SHA256

35b8c39f95282168b1691278decd43f3d28769ecea0a44361d037307e3cb8fd7
SHA512

ec871951d19cb5842df0da64684fe8f44fdcaddcf4daaa2e7bbb92e715faa216f1d0c9f64fb72927101c10c26407d9c7abb94c35e497f1c066501045871bd146
SSDEEP

1536:sQmab6bXPm8VjWWHT0im5t3ItTShKW6GLdUF5MI5AtpgwpUOGHfV+mLI2VOYjXUd:Oab6bXPm8VjWWHT0B5t4tcnBUF5MI5d+

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

95.123.85.55:839

Targets

- Target
  
  35b8c39f95282168b1691278decd43f3d28769ecea0a44361d037307e3cb8fd7.elf
- Size
  
  84KB
- MD5
  
  8c778d062974f3173e6ab4a2218b79c0
- SHA1
  
  9231a82f8292e9a1d0cb3128c1ace0023ec77c36
- SHA256
  
  35b8c39f95282168b1691278decd43f3d28769ecea0a44361d037307e3cb8fd7
- SHA512
  
  ec871951d19cb5842df0da64684fe8f44fdcaddcf4daaa2e7bbb92e715faa216f1d0c9f64fb72927101c10c26407d9c7abb94c35e497f1c066501045871bd146
- SSDEEP
  
  1536:sQmab6bXPm8VjWWHT0im5t3ItTShKW6GLdUF5MI5AtpgwpUOGHfV+mLI2VOYjXUd:Oab6bXPm8VjWWHT0B5t4tcnBUF5MI5d+
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1